You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

In the past week had issues getting online. I started receiving a connection failure notification window then many instances of page not found with no network connection messages. If I refresh a few times the page will eventually load but it is slow and usually pointless. If I keep trying, sometimes I can get on-line and have about an hour without the errors, but it is still much slower loading a new page and I'm constantly interrupted when my screen suddenly displays an error screen. This is through firefox. Internet Explore will not work at all anymore - I only get the Internet Explorer can't display the webpage with a link to diagnose (never results in anything).

I looked at my network connections and found a sony phone listed as a network device. I took a picture of the properties and while i did, the device just went away.

my IT guy at work told me to run combofix - sorry, I did not know - but when i tried running it I got a message "rootkit detected." combo fix ran all night and i finally had to reboot with no results.

After reading the prep guide, i found that i can't enable the firewall - i get a message Windows firewall can't change some of your settings Error code 0x80070424 (and didn't know it was disabled). Also, cannot run dds as it just freezes my computer Started program and it froze (apparently) after about one minute with the "Please wait..." message showing,

Please help - I promise not to do anything until instructed to! I'm using another computer to post and check emails.

I didn't know if I should provide any info - but just in case, here's my system info:

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.

Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.

A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

okay - I ran the adwcleaner first and when it rebooted my computer, I got a message I forgot about. I've been getting this message since the issue started. I don't know if it's important - but . . it is a Microsoft Visual C++ Runtime Library - Runtime Error!

Program: C:\Program Files...

R6034

An application has made an attempt to load the C runtime library

incorrectly.

Please contact the application's support team for more information.

I clicked ok and then ran the Junkware Removal Tool. Have not rebooted after that.

As for how things are running . . . so far so good. I went to a few websites and the pages loaded without any errors and did not experience long delays.

I tried to download combofix, but when I went to save it to desktop, I'm asked if I want to replace existing file. I clicked yes and got a message that it is read only. Like I mentioned earlier, I tried to run it yesterday. Also, when I tried running it yesterday, I got a message that I'm running Symantec Endpoint protection. I can't figure out how to disable the SEP as there is no icon in system tray, nothing listed in my start menu - when I ran a search I found a folder named Symantec Endpoint Protection under C:\ProgramData\Symantec this folder is empty except for another folder xfer which is also empty. There is another folder VirusDefs that has a cat file dated 12/6/2011.

I'm going to bed but will check email tomorrow - thanks for sticking with me!!

1.Download Malwarebytes Anti-Rootkit2.Unzip the contents to a folder in a convenient location.3.Open the folder where the contents were unzipped and run mbar.exe4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.6.Wait while the system shuts down and the cleanup process is performed.7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

•Internet access•Windows Update•Windows Firewall

9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.10.Verify that your system is now functioning normally.

I ran Malwarebytes and after I rebooted, I ran again. Got a clean bill of health after the 2nd scan. Following your instructions, I checked windows firewall and it was magically turned on and gave me the green light. My internet is good too and I can ever open up a browser in internet explorer. I also checked Windows update - can't remember the last time that I didn't get a "fail." I didn't know if you wanted me to install the updates - so I did not. I did see that the definition update for microsoft secrity essentials was succesfull - last time it ran successfully was 12/3/13. I have 7 important updates waiting to be installed. Windows service pack 1 (everytime I've tried in the past it doesn't work), 1 malicious software removal tool and 5 security updates for microsoft office. I also have 74 optional updates with most being updates for Windows 7.

Do you want me to install the updates before I run rogueKiller?

I did not run roguekiller yet because the link you provided landed on a Page Not Found at Adlice Software. I noticed that they had a link to roguekiller under their software menu so I did download the file (not the 64x) I found here: http://www.adlice.com/softwares/roguekiller/

But, I haven't ran it because I thought it best to be safe instead of sorry and check with you first. Please let me know if this is the right file and if I should install any updates before (or after) running roguekiller.

So far my computer seems to be on the mend and I'm a lot less worried (okay - actually I'm not worried at all anymore) - as I was in complete panic mode yesterday!

I ran AdwCleaner and JRT - I can still access internet, my firewalls is on and I am not getting any "server not found" or network connection error messages anymore. I've pasted both logs below. The only issue so far is that after i ran AdwCleaner and then rebooted I still get:

Microsoft Visual C++ Runtime Library - Runtime Error!

Program: C:\Program Files...

R6034

An application has made an attempt to load the C runtime library incorrectly.